Support ⇒ Security ⇒ Spam being sent from my domain - is it DragonFly? ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexSecurity

Spam being sent from my domain - is it DragonFly? Reply to topic

Go to page Previous 1, 2

Thanks Nano, nothing attached - can I use the file from CVS? Will those close the 'hole' my host was referring to?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


You should now be able to download the file.

No, it wont get rid of the problem.
It will include a custom header in all outgoing emails
"X-DF-MailerSRC: FileUsedToSendMail for IpAddress"

When u receive a bounced email, check for this header in the mail message source and you will know which file is abused.
No need to guess anymore. Straight to the source of the issue.

At this stage you will know what you need to disable/change.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Thanks Nano - I'll keep an eye. My host banned the IP that 'appeared' to be sending the emails (and the email adresses got all the way to az**@*.*) and they appear to have stopped for now.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


they have stopped lol because you removed the Tell a friend option.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Multiple Setups


They have stopped because you removed Tell a Friend module and or the IP was banned but the patch will still help you in case some other module use a similar function.

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


rosbif,

Just came across this thread. I encountered exactly the same problem on the 17th of December (disabled the module to deal with at that time). Interestingly the site in question was very much along the same lines as yours as far as subject matter is concerned - just a coincidence I guess!

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache 2.4.27/MySQL 10.1.26-MariaDB/PHP 5.2.17/Dragonfly 9.2.1


Could be - seemed like a determined attack to me at the time!

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


I've started getting attacked again - having added the line to my phpmailer page the offending page that is being targetted is /home/chantill/public_html/modules/Downloads/include/friend.inc

I'm going to try and add a captcha to that page or change it to registered users only to try and shore it up. To be honest I think every link like this should be plugged or selectable in config..

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Sorry to hear that. If/when I bring ours back online I think it definitely has to befor registered users only - hope that works for you.

Note: WWW Private Listing - Staff Only

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache 2.4.27/MySQL 10.1.26-MariaDB/PHP 5.2.17/Dragonfly 9.2.1


I've added the following lines to the preview and submit functions in friend.inc

if (!is_user()) { $error = 'Sorry, this function is for registered users only'; }

and I've changed the form at the bottom to this:

<input type="hidden" name="id" value="'.$friend_id.'" />'; if (is_user()) { echo '<input type="submit" name="preview_message" value="'._PREVIEW.'" /> <input type="submit" name="send_message" value="'._SUBMIT.'" />'; } else { echo 'Please log in to use this feature'; } echo '</form>';

Think that should be sufficient. I should really make it multilingual and/or not display the tell a friend link if not logged in but I can't find where to add that bit!

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


The IP address showing up is 112.202.212.250 so I am going to block that too.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Thanks for sharing that info - I'll make a note.

Note: WWW Private Listing - Staff Only

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
linux/Apache 2.4.27/MySQL 10.1.26-MariaDB/PHP 5.2.17/Dragonfly 9.2.1

All times are UTC
Go to page Previous 1, 2


Jump to: